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We claim: 

1 . A communications isolation system comprising: 

a browser module that provides communications access to an unprotected 

network from a protected network; 

a browser client module that communicates with the browser module; and 
a browser isolator module that analyzes communications between the browser 

module and the browser client module, wherein the communication between the browser 

module and the browser client module are limited to those commvinications necessary for 

remote operation of the browser module. 

2. The system of claim 1 , further comprising a browser isolator module that is 
capable of preventing unauthorized communications between the browser module and the 
browser client module. 

3. The system of claim 2, wherein the browser isolator module screens at least 
one of the following types of information to determine of the communication is authorized: 
source and destination ports, user information, origination information, host information, 
destination information, character information, IP address information, display identification, 
session information, display class, display number, TCP information, and date and/or time 
information. 

4. The system of claim 1 , wherein tiie browser module comprises a distributed 
network browser. 

5. The system of claim 1, wherein the protected network is isolated from 
unauthorized communications received from the unprotected network. 

6. A commimications isolation system comprising: 

a browser running on a virtual machine within a protected network; 
a border inodule that tunnels communications from an unprotected network to 
the browser via a communications tunnel, wherein 
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only authorized communications are allowed between the browser and the 
unprotected network. 

7. The system of claim 6, further comprising a tunnel restrictor module that 
limits communications from the border module to the virtual machine to those 
communications authorized for browser operability. 

8. The system of claim 6, wherein the virtual machine is isolated from the 
protected network. 

9. The system of claim 6, wherein communications from the unprotected 
network are encapsulated and forwarded to the virtual machine. 

1 0. The system of claim 6, wherein protected information on the protected 
network is prevented from reaching the improtected network. 

11. A method of commimicating with an unprotected network comprising: 
estabhshing communications between a browser and a browser client; 
inspecting the communications between the browser and the browser chent; 
determining if the communications are authorized; and 

allowing the authorized communications between the browser and the browser 

client. 

12. The method of claim 1 1 , wherein the communication between the browser 
module and the browser client module are limited to those communications necessary for 
remote operation of the browser module. 

1 3 . The method of claim 1 1 , further comprising screening at least one of the 
following types of information to determine of the communications are authorized: source 
and destination ports, user information, origination information, host mformation, destmation 
information, character information, IP address information, display identification, session 
mformation, display class, display number, TCP information, and date and/or time 
information. 
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14. A method of establishing a restricted commimications tunnel comprising: 
enabling a browser on a virtual machine that is isolated from a protected 

network; 

establishing communications with a border module; 

tunneling communications from the border module to the browser; and 

preventing unauthorized communications from reaching the protected 

network. 

15. The method of claim 14, further comprising limiting communications from the 
border module to the virtual machine to those commimications authorized for browser 
operability. 

16. The method of claim 14, wherein communications from the unprotected 
network are encapsulated and forwarded to the virtual machine. 

17. An information storage media comprising information for communicating 
with an unprotected network comprising: 

information that estabhshes communications between a browser and a browser 

client; 

information that inspects the communications between the browser and the 

browser client; 

information that determines if the communications are authorized; and 
information that allows the authorized communications between the browser 
and the browser client. 

18. An information storage media comprising information for establishing a 
restricted communications tunnel comprising: 

information that enables a browser on a virtual machine that is isolated from a 
protected network; 

information that establishes communications with a border module; 
information that tunnels communications from the border module to the 

browser; and 

information that prevents unauthorized communications from reaching the 
protected network. 
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19. A communications isolation system comprising: 

means for providing communications access to an unprotected network from a 

protected network; 

means for communicating with a browser module; and 

means for analyzing communications between the browser module and the a 

browser client module, wherein the communication between the browser module and the 

browser client module are hmited to those communications necessary for remote operation of 

the browser module. 

20. A communications isolation system comprising: 

means for running a virtual machine within a protected network; and 
means for tunnelling communications from an improtected network to a 

browser running on the virtual machine via a communications tunnel, wherein 

only authorized communications are allowed between the browser and the 

improtected network. 
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